I am trying to figure out how to achieve this. I want a public access point that would allow connection to the internet. I also want a private access point that would allow connection to the internet plus the wired network. I would like computers on the private network to be able to communicate, but to restrict any access from the public network to the private network.
If they didn't share the same internet modem-router, that wouldn't be a problem.
Currently I have an access point, an ISP modem-router and a simple switch.

2 Answers
2

The best way to set this up would be with a firewall or other router-type appliance (whether it be an old Watchguard Firebox, or even just a small PC with several NICs in it) running something like pfSense. This is an open source firewall system, and you can divide your system into subnets and add WAPs to the ones you want to have wireless on. pfSense can be configured to allow or deny traffic between the subnets with relative ease.

The more ghetto way of doing it, but by far the easiest, is to just buy two wireless routers and put one behind the other. By doing this, the true internet-facing one becomes your "open" or "public" wireless network. The one behind that router becomes the private one; any machines connected to the forward one would not be able to just "see" the machines connected to the one behind it.

Obviously the first implementation is the more textbook-proper way to do something like this, but the second way is perfectly fine, and will function as you desire with little configuration.

I do something similar to this at home with a Linux box and iptables. Since I'm cheap, I loaded DD-WRT on my router to get VLAN and multiple SSID support so I can map different SSIDs and encryption settings to different VLANs.
– chuck, Dec 9 '11 at 14:27

I am not experienced with networks. By putting one behind the other, do you mean bridging the internet wifi router with the other wifi router? Another option I heard of is using VLAN, but my modem doesn't have this option although its manual has a screenshot with it. It has something similar called port binding, but I can't choose the same ATM connection more than one time, so it's useless. The modem has a routing table; could adding something there help? Like all private computers having the private router as gateway.
– Parhs, Dec 11 '11 at 2:35

Sorry Parhs, I haven't been on this site in a few weeks. That is actually just a WAP (wireless access point), not a router. This would not have any kind of DHCP capability or firewalling capabilities. Putting one wireless ROUTER behind another would work as described above. To do this, plug one router in as you normally would to your ISP's modem using the WAN port, then plug a second wireless router in, using one of the LAN ports to the WAN port on the second wireless router. The devices on this second router's network would effectively be screened from the devices connected to the front one.
– Paperlantern, Dec 29 '11 at 19:51
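
The subnet separation described in the answer, in the Linux/iptables form mentioned in the first comment, as an added example that is not part of the original posts. It assumes a Linux box with three interfaces that also serves DHCP and DNS to guests; every interface name and subnet below is an assumption to adjust.

```shell
#!/bin/sh
# Constructed example: every interface name and subnet here is an assumption.
WAN_IF="${WAN_IF:-eth0}"       # uplink to the ISP modem-router
PRIV_IF="${PRIV_IF:-eth1}"     # switch + private access point
GUEST_IF="${GUEST_IF:-eth2}"   # public access point
PRIV_NET="${PRIV_NET:-192.168.10.0/24}"
GUEST_NET="${GUEST_NET:-192.168.20.0/24}"

# Print an iptables-restore ruleset; nothing is applied by this function.
emit_rules() {
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Router itself: loopback, replies, full access from the private side only.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $PRIV_IF -s $PRIV_NET -j ACCEPT
# Guests may only use DHCP and DNS on the router, not its admin services.
-A INPUT -i $GUEST_IF -p udp --dport 67 -j ACCEPT
-A INPUT -i $GUEST_IF -s $GUEST_NET -p udp --dport 53 -j ACCEPT
-A INPUT -i $GUEST_IF -s $GUEST_NET -p tcp --dport 53 -j ACCEPT
# Replies to connections that were allowed out.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Explicit guest -> private block, placed before any guest ACCEPT rule.
-A FORWARD -i $GUEST_IF -o $PRIV_IF -j DROP
# Both segments may reach the internet; anything else hits the DROP policy.
-A FORWARD -i $GUEST_IF -s $GUEST_NET -o $WAN_IF -j ACCEPT
-A FORWARD -i $PRIV_IF -s $PRIV_NET -o $WAN_IF -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $WAN_IF -j MASQUERADE
COMMIT
EOF
}

# Print the ruleset only when asked, e.g. to pipe into: iptables-restore --test
if [ "${1:-}" = "--print" ]; then emit_rules; fi
```

Because the uplink here is the ISP modem-router's own LAN, guests can still reach that device's address through the guest ACCEPT rule; add a DROP for that subnet ahead of it if the modem's admin page should be off limits to them.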